Vulnerabilities > Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-07 | CVE-2022-44942 | Path Traversal vulnerability in Casbin Casdoor Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function. | 8.1 |
2022-12-06 | CVE-2022-44900 | Path Traversal vulnerability in Py7Zr Project Py7Zr A directory traversal vulnerability in the SevenZipFile.extractall() function of the python library py7zr v0.20.0 and earlier allows attackers to write arbitrary files via extracting a crafted 7z file. | 9.1 |
2022-12-06 | CVE-2022-23470 | Path Traversal vulnerability in Galaxyproject Galaxy 22.01/22.01.1/22.05 Galaxy is an open-source platform for data analysis. | 7.5 |
2022-12-05 | CVE-2022-42706 | Path Traversal vulnerability in Sangoma Asterisk and Certified Asterisk An issue was discovered in Sangoma Asterisk through 16.28, 17 and 18 through 18.14, 19 through 19.6, and certified through 18.9-cert1. | 4.9 |
2022-12-01 | CVE-2022-29837 | Path Traversal vulnerability in Westerndigital products A path traversal vulnerability was addressed in Western Digital My Cloud Home, My Cloud Home Duo and SanDisk ibi which could allow an attacker to initiate installation of custom ZIP packages and overwrite system files. | 7.8 |
2022-11-29 | CVE-2022-3361 | Path Traversal vulnerability in Ultimatemember Ultimate Member The Ultimate Member plugin for WordPress is vulnerable to directory traversal in versions up to, and including 2.5.0 due to insufficient input validation on the 'template' attribute used in shortcodes. | 4.3 |
2022-11-29 | CVE-2022-4030 | Path Traversal vulnerability in Simple-Press Simple:Press The Simple:Press plugin for WordPress is vulnerable to Path Traversal in versions up to, and including, 6.8 via the 'file' parameter which can be manipulated during user avatar deletion. | 8.1 |
2022-11-29 | CVE-2022-4031 | Path Traversal vulnerability in Simple-Press Simple:Press The Simple:Press plugin for WordPress is vulnerable to arbitrary file modifications in versions up to, and including, 6.8 via the 'file' parameter which does not properly restrict files to be edited in the context of the plugin. | 4.9 |
2022-11-29 | CVE-2022-25848 | Path Traversal vulnerability in Static-Dev-Server Project Static-Dev-Server 1.0.0 This affects all versions of package static-dev-server. | 7.5 |
2022-11-28 | CVE-2022-45921 | Path Traversal vulnerability in Fusionauth FusionAuth before 1.41.3 allows a file outside of the application root to be viewed or retrieved using an HTTP request. | 7.5 |